From e99eee8ed930802a09509828d43163531b8bd6f2 Mon Sep 17 00:00:00 2001
From: Reddysekhar Gaduputi <gsekhar73@gmail.com>
Date: Sat, 29 Jun 2024 22:02:12 +0530
Subject: [PATCH] [Helm chart] Remove createClusterRole dependency from
 serviceAccount usage from filer statefulset (#5724)

* Remove createClusterRole dependency from serviceAccount usage from filer statefulset

* Add automountServiceAccountToken option for service account.
---
 k8s/charts/seaweedfs/templates/filer-statefulset.yaml | 2 --
 k8s/charts/seaweedfs/templates/service-account.yaml   | 3 ++-
 k8s/charts/seaweedfs/values.yaml                      | 1 +
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/k8s/charts/seaweedfs/templates/filer-statefulset.yaml b/k8s/charts/seaweedfs/templates/filer-statefulset.yaml
index 1e27c1840..881c4868a 100644
--- a/k8s/charts/seaweedfs/templates/filer-statefulset.yaml
+++ b/k8s/charts/seaweedfs/templates/filer-statefulset.yaml
@@ -56,9 +56,7 @@ spec:
         {{ tpl .Values.filer.tolerations . | nindent 8 | trim }}
       {{- end }}
       {{- include "seaweedfs.imagePullSecrets" . | nindent 6 }}
-      {{- if .Values.global.createClusterRole }}
       serviceAccountName: {{ .Values.filer.serviceAccountName | default .Values.global.serviceAccountName | quote }} # for deleting statefulset pods after migration
-      {{- end }}
       terminationGracePeriodSeconds: 60
       {{- if .Values.filer.priorityClassName }}
       priorityClassName: {{ .Values.filer.priorityClassName | quote }}
diff --git a/k8s/charts/seaweedfs/templates/service-account.yaml b/k8s/charts/seaweedfs/templates/service-account.yaml
index a00c9f3f7..429158a27 100644
--- a/k8s/charts/seaweedfs/templates/service-account.yaml
+++ b/k8s/charts/seaweedfs/templates/service-account.yaml
@@ -7,4 +7,5 @@ metadata:
     app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
     helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
\ No newline at end of file
+    app.kubernetes.io/instance: {{ .Release.Name }}
+automountServiceAccountToken: {{ .Values.global.automountServiceAccountToken }}
\ No newline at end of file
diff --git a/k8s/charts/seaweedfs/values.yaml b/k8s/charts/seaweedfs/values.yaml
index 53385779e..585272db4 100644
--- a/k8s/charts/seaweedfs/values.yaml
+++ b/k8s/charts/seaweedfs/values.yaml
@@ -19,6 +19,7 @@ global:
       filerRead: false
   # we will use this serviceAccountName for all ClusterRoles/ClusterRoleBindings
   serviceAccountName: "seaweedfs"
+  automountServiceAccountToken: true
   certificates:
     alphacrds: false
   monitoring: